Many North American IT leaders are preparing to significantly improve their user authentication technologies in the next two years, according to a new vendor survey.
Sixty-five per cent of respondents said they are planning on implementing passwordless technologies in the next 24 months, according to research conducted for SecureAuth. Nearly a third of respondents said they plan to do so in the next six months, and another third are looking at the 12-24 month horizon.
The survey, released Wednesday for SecureAuth’s first State of Authentication report, covered 285 IT and security professionals from mid-to-large enterprises in North America.
For 2023, the biggest upgrade priority for respondents is adapting single sign on technologies (45 per cent of respondents), followed by intelligent/phishing-resistant multifactor authentication (38 per cent) and risk-based continuous authentication (25 per cent).
Still, 29 per cent of respondents said this year they will be adopting what is considered “traditional” multifactor authentication, meaning solutions that send a one-time password through SMS texts or phone calls.
Note that 76 per cent of respondents said their firms use multiple identity platforms(IdP). Respondents said there were a number of reasons why: Particular use-case reasons (for example, Mac users need a different solution than the rest of the firm), a preference for best-of-breed solutions, for backup in case their primary product goes down or is compromised, or because of a merger/acquisition.
Asked what was standing in the way of implementing improved authentication solutions faster, the top reason was having too many competing priorities (55 per cent), followed by not knowing enough about the technology (46 per cent), and lack of budget (24 per cent).
One piece of good news: Despite its weaknesses, many of the surveyed firms do use at least traditional MFA, which security pros say is better than just usernames and passwords.
Over half of the respondents say that more than 75 per cent of their employees have deployed MFA. A further 15 per cent have deployed MFA to between half and three-quarters of their employees. Only four per cent said less than five per cent of employees use MFA.
An indication of why firms want to improve their authentication technology is in these numbers: Fifty-one per cent of respondents agreed traditional MFA is susceptible to cyberattacks. Fifteen per cent said traditional MFA doesn’t comply with their cyber insurance policies.
But also, 30 per cent of respondents agreed traditional MFA causes too much user friction.